SP2 Users battling against torrent of Rootkits

Written by Jason Cundall

December 7, 2005 | 19:19

Tags: #malware #microsoft-windows #redmond #rootkit #service-pack-2 #sp2 #spyware

According to researchers at Microsoft's security unit (what an overworked bunch of individuals they must be...), a fifth of all malware zapped from XP SP2 systems are stealth rootkits - those pesky bits of code brought into the spotlight recently by Sony's ill-advised dalliance with them.

More than 20 percent of all malware removed from Windows XP SP2 (Service Pack 2) systems are stealth rootkits, according to a senior official in Microsoft Corp.'s security unit.

Jason Garms, architect and group program manager in Microsoft's Anti-Malware Technology Team, said the open-source FU rootkit ranks high on the list of malicious software programs deleted by the free Windows worm zapping utility.

"I can tell you that FU is the fifth most removed piece of malware. We're finding the FU rootkit in many different versions of Rbot," Garms said, referring to the IRC controlled backdoor used to illegally infect Windows PCs with spyware.

In addition to the FU rootkit, Garms said the WinNT/Ispro family of kernel mode rootkits features in the top-five list every month.

WinNT/Ispro, like FU, is often bundled with illegally installed spyware to allow an attacker to modify certain files and registry keys to avoid detection on an infected machine.

More from eWeek here.

But fear not - in raising the alarm, the Team manage to blow their own trumpet regarding the MS worm zapper tool - which alarmingly shows how big the problem is, when you see the stats - 1.7 billion executions since it was launched back in January, averaging about 200 million executions per month. That's a lot of malware zapping, in anyone's books.

Can rootkits be stopped? Is Redmond doing enough to cleanse infected machines? Should they have to in the first place - you could argue the old chestnut that if they had made the OS more secure in the first place, they wouldn't have to run around stamping on fires...

Whatever your view, express it in the news forums here.